JP2000242491A - Computer and program recording medium - Google Patents

Abstract

(57) [Summary] [PROBLEMS] Once AV data for which copyright is claimed is passed to application software, the application software can freely perform processing such as recording AV data, and copyright There is a problem that it cannot be protected. SOLUTION: In a computer which includes a system unit 12 and an application software unit 13 and takes in and processes encrypted data whose copyright is claimed from a digital interface 1, the system unit 12 protects the copyright by the application software unit 13. A computer that determines that the application software is legitimate, and passes the key of the encrypted data to the application software unit 13 if the application software is legitimate.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] The present invention relates to a computer for recording and reproducing data and a program recording medium.

[0002]

2. Description of the Related Art Networks for digitizing and transmitting audio information and video information have been developed. In order to transmit and view audio information and video information, it is necessary to transmit data in real time.

[0003] IEEE 1394 has been proposed as a standard for such a network for real-time data transmission, and is now widely used. IEEE139
Reference numeral 4 is mounted as an external interface in many digital video / audio devices, including a home digital VCR. In the VCR, by using IEEE1394, the operation of the VCR is controlled from an external device, and the data is transmitted from the external device to the VCR, and the VCR is used.
It is also possible to record and play back at.

On the other hand, with the development of multimedia technology and the emergence of recording media such as large-capacity hard disks and magneto-optical disks, PCs can also process video information and audio information. That is, the PC can also function as a recording / reproducing device or monitor for video information and audio information. IEEE 1394 is supported by Windows 98, which is a standard OS of PC, and VC
AV data can be exchanged between a PC and a digital video / audio device such as R. In this way, it is expected that the fusion of digital video and audio equipment and PCs will further advance in the future.

In order to handle video information and audio information on a PC, it is necessary to install application software for processing the video information and audio information on the PC.
AV data sent from the video / audio device is input into the PC, and processing such as display, recording, and reproduction is performed by application software installed in the PC. For example, if the application software has a recording function, the AV data sent from the video / audio device is input to the PC, and is recorded on a recording medium such as a hard disk or a magneto-optical disk by the application software. Thus AV
There are various types of application software that can process data, and by installing the application software, a variety of functions such as recording, reproduction, display, and processing for processing AV data can be added to a PC.

On the other hand, there is AV data for which copyright is claimed, such as prohibiting copying or permitting copying for one generation only. The copyrighted AV data is V
In digital video and audio equipment such as CRs, recording, reproduction, etc. are performed while protecting the intended copyright. For example, the VCR does not record AV data for which copying is prohibited. However, if the AV data permits copying for only one generation, the VCR can record the data.
Whether or not the AV data can be copied in this way is confirmed between the VCR and a device such as an STB (Satellite Broadcasting Receiver), which is a sender of the AV data, based on authentication or license information based on copyright.

[0007]

However, in the present PC, even if the PC tries to protect the copyright of the AV data for which the copyright has been claimed, the function of the application software installed in the PC causes the PC to function. Since various functions such as recording, playback, and display can be provided to the application software, once the copyrighted AV data is passed to the application software, the application software can freely record the AV data. And the copyright cannot be protected.

[0008] Even if a mechanism is provided for granting a license for processing copyrighted AV data to application software, if the application software is tampered with illegally and the copyright cannot be protected. There is. If the tamper-resistant method is implemented in the application software to prevent unauthorized modification of the application software, the copyright is effectively protected. However, also in this case, once the tamper-resistant method is broken by an unauthorized user, it is necessary to greatly change the structure of the PC, the configuration of the OS, the application software, and the like, and there is a problem that the loss is large.

In the case where the above-mentioned unlicensed application software illegally handles the copyrighted data, the source application software is identified from the data copied and leaked by the unauthorized application software. Can not. That is, after the unauthorized application software is known, if the unauthorized application software is used again, it cannot be detected and rejected. In other words, there is a problem that it is impossible to confirm and reject illegal software for copyright protection.

[0010] The feature of unauthorized use by software is that unauthorized use can be widely spread at low cost by copying software or the like. For this reason, even if the source of the illegal outflow can be specified, there is a problem that a method of eliminating an unauthorized device used in the case of hardware for each specific device is not effective. For example, if a copy of a falsified application that can avoid tamper-resistant checks is distributed or a method to avoid a tamper-resistant check method is found and distributed, it is excluded for each individual computer. The conventional method cannot prevent fraud, and there is a possibility that even a normal application cannot be used.

[0011] Further, from the above-mentioned viewpoints, once an unauthorized outflow by a computer equipped with an unauthorized outflow mechanism is detected, an AV or an OS itself is not transmitted to the computer or the OS itself.
Obviously, there is a wide range of disadvantages such as prohibiting the use of data and the necessity of modifying the computer and the OS itself, and it is evident that very large costs are required.

As described above, when the copyrighted data is illegally distributed, there is a problem that there is no method for easily preventing unauthorized use thereafter.

According to the present invention, there is a problem that application software can perform a process against a copyright on data for which copyright is claimed, and the copyright is not protected.
Due to unauthorized modification of application software,
The challenge of doing things contrary to copyright claims, the challenge of not being able to identify and reject fraudulent application software for copyright protection in the event of unauthorized application software,
When a copy of a falsified application that can circumvent the tamper resistant check method is distributed, if the conventional method cannot prevent fraud, and if a computer with a mechanism of illegal leakage detects unauthorized leakage, However, taking into account the problem of extremely high costs to eliminate this, protect the copyright of the copyrighted data, deal with unauthorized tampering of the application software, It is another object of the present invention to provide a computer and a program recording medium capable of confirming and rejecting the application software and eliminating illegal outflow without increasing costs.

[0014]

In order to solve the above-mentioned problems, a first invention (corresponding to claim 1) includes a system unit and an application software unit, and a copyright is claimed from a digital interface. In a computer that takes in and processes the encrypted data, the system unit determines that the application software unit is legitimate application software in protecting copyright, and if the application software unit is legitimate, a key of the encrypted data is used. Is transferred to an application software unit.

The second invention (corresponding to claim 2) is:
The computer according to the first aspect, wherein the determination in the system unit is performed by authentication between the system unit and the application software unit.

A third aspect of the present invention (corresponding to claim 3) is:
The determination in the system section is based on the CRL (Ce
rtification Revocation Li
The computer according to the first invention, which is performed in st).

The fourth invention (corresponding to claim 4) provides:
The system unit obtains the encrypted key as a result of authentication with the outside, decrypts the encrypted data, and re-encrypts the data decrypted with the key or another key again. A computer according to any one of the first to third aspects of the invention.

A fifth aspect of the present invention (corresponding to claim 5) is:
The system unit has a tamper confirmation function, a tamper code is embedded in the application software of the application software unit, the system unit reads the tamper code from the application software unit, using a tamper confirmation function, The computer according to any one of the first to fourth inventions, wherein it is determined whether or not the application software has been tampered with, and if the tampering is found using the software, the result is notified. is there.

A sixth aspect of the present invention (corresponding to claim 6) is:
In a computer that includes a system unit and an application software unit, and takes in and processes encrypted data for which copyright is claimed from a digital interface, the system unit has a plurality of types of tamper confirmation functions. A tamper code corresponding to a predetermined type of tamper confirmation function and its type information are embedded in the application software, and the system unit reads the tamper code and its type information from the application software unit,
Using a tamper confirmation function corresponding to the type, determine whether or not the application software has been tampered with, and if it is determined that the application software has been tampered with, use the computer to notify the user of the result. is there. According to a seventh aspect of the present invention (corresponding to claim 7), in a computer which includes a system unit and an application software unit and fetches and processes copyrighted encrypted data from a digital interface and processes the data, the system unit A computer characterized in that information on application software of an application software unit is embedded in the data and the data is sent to the application unit.

According to an eighth aspect of the present invention (corresponding to claim 8),
The information on the application software,
The computer according to claim 7, wherein the computer software is a name of the application software, a version number of the application software, a tamper code, type information of a tamper resistance confirmation function, or information on a user.

According to a ninth aspect of the present invention (corresponding to claim 9),
A program recording medium storing a program for causing a computer to execute all or a part of the functions of each component of the computer according to any one of the first to eighth inventions.

[0022]

Embodiments of the present invention will be described below with reference to the drawings.

(Embodiment 1) A first embodiment will be described with reference to FIGS.

In the present embodiment, a case will be described where authentication is performed by the system unit and the application software unit, and AV data input to the PC is encrypted and circulated inside the PC.

In FIG. 1, the PC 24 is a system unit 1
2 and an application software unit 13. The system unit 12 is D-IF hardware of the PC 24 or system software such as a driver and an OS. The application software unit 13 is means for recording application software and executing the application software.

The system unit 12 includes a 1394D-IF1,
It comprises a transmission authentication means 2, an application authentication function 3, a signature memory 4, a transmission decryption means 6, and a PC internal encryption means 7.

The 1394 D-IF 1 is an IEEE 1394 interface which is a standard of the serial bus interface, and is an interface for exchanging data and commands with external devices such as STB and D-VHS. The transmission authentication means 2 is a means for performing authentication with an external device when the copyright of the AV data is claimed, and passing a key for decrypting the AV data to the transmission decoding means 6 when the authentication is successful. . The application authentication function is 1394D
A means for performing authentication inside the PC when the AV data input via the IF1 is copyrighted. That is, authentication with the application software unit 13 is performed by referring to the contents of the signature memory 4 in which the signature created by the signature generation unit 9 is recorded, and if the authentication is successful, the encryption is performed by the PC internal encryption unit 7. Is a means for passing the key for decryption to the application authentication means 8 with the key. The signature memory 4 is a memory for recording the signature generated by the signature generation means 9. The transmission decryption means 6 receives the key from the transmission authentication means 2 when the authentication with the external device succeeds, and
This is means for decoding AV data input via the 394D-IF1. The in-PC encryption means 7 is means for encrypting the AV data decrypted by the transmission / decryption means 6 when the authentication with the application software unit 13 succeeds, and transferring the data to the application unit 13.

The application software unit 13
It comprises an application authentication unit 8, a signature generation unit 9, a data use (decode display) unit 10, and a decryption unit 11.

The application authentication means 8 is a means for performing an application authentication function of the system unit 12 and performing authentication. Signature generation means 9
Is a means for generating a digital signature used for authentication with the system unit 12. The data use (decode display) means 10 is means for making the AV data available to the currently activated application software. When the authentication with the system unit 12 is successful, the decryption unit 11 obtains a key for decryption from the application authentication unit 9 and uses the key to decrypt the AV data encrypted by the in-PC encryption unit 7. Is a means for decoding.

Next, the operation of the embodiment will be described.

First, how to represent the copyright information will be described.

When AV data is transmitted from an external device such as an STB or VTR to the PC 24, the AV data may be claimed for copyright. That is, copy prohibition and 1
Conditions such as permitting duplication only once may be given. Signal information indicating such a license is provided by CGMS (Copy Generator) embedded in the stream.
information).

The CGMS exists inside a transport stream sent from a broadcasting station. CGMS is 2-bit data, and the possible values of CGMS and their meanings are as follows.

That is, when CGMS = 11, copy
Never means copy when CGMS = 10
one generatioin, CGMS =
00 means copy free. Also CGM
S = 01 does not exist. However, copy never means that copying is prohibited, and only viewing of the AV data is permitted. copy one genarato
The “ion” permits copying for only one generation, and the copied AV data can be viewed repeatedly as many times as necessary. The copy free indicates that the copy may be freely made. In order to detect CGMS, a transport stream decoder circuit and the like are required, and the hardware configuration becomes complicated.

On the other hand, signal information (hereinafter referred to as EMI (Encryption Mode Indic) for transmitting the license information in the header of the IEEE 1394 packet data.
a)), hardware such as a transport stream decoder circuit becomes unnecessary.

EMI is generated from CGMS and takes the following values: That is, when EMI = 11, copy never
r, and when EMI = 10, copy one g
means eneratioin, c when EMI = 00
means opy free. EMI = 01 is no
Means more copy. However, copy
"ver" means that copying is prohibited, and only viewing of the AV data is permitted. copy one genea
The "ration" permits copying for only one generation, and the copied AV data can be viewed repeatedly as many times as necessary. The copy free indicates that the copy may be freely made. Also no mor
e copy is copy one generator
n indicates that the AV data has been copied after the AV data has been copied, and further copying indicates that the data is not permitted.

Such EMI is used in IEEE 1394 to specify an encryption method and an authentication method. For example, in a copy free of EMI = 00, AV
No encryption is performed when sending data. EMI = 1
0 copy one generation and EMI
EMI = 11 in the no more copy of = 01
And the method of authentication of the key and the device used for encryption are different from the copy never.

Now, it is assumed that AV data has been sent from the STB. Then, whether or not the AV data sent from the STB is copyrighted is determined by the above-described CGMS or EMI. If the copyright is claimed, authentication is performed with the STB that is the source of the AV data. The AV data is transmitted after being encrypted. If the authentication is successful, the transmission authentication means 2 obtains a key for decrypting the AV data from the STB. If the EMI is 11, authentication using a public key is performed, and if the EMI is 10 or 01, authentication using a common key is performed.

When the authentication between the transmission authentication unit and the STB succeeds, the authentication is performed between the application software unit 13 and the system unit 12 next. The application authentication means 8 uses the signature generation means 9 to generate a digital signature of the currently activated application software. The signature memory 4 records the digital signature generated by the signature generation means 8. The application authentication function 3 performs authentication with the application authentication means 8 based on the digital signature recorded in the signature memory 4.

However, a license corresponding to the license information of the AV data for which copyright is claimed is given to each application software in advance. Only the software having a valid license is successfully authenticated by the authentication between the application software unit 13 and the system unit 12. Specifically, licenses are classified according to the functions of the application software.
The license given to software that only displays AV data is license A, and the license given to software that records AV data is license B. C is a software license that strictly adheres to the copyrighted contents. The license C performs reproduction only on the AV data when the duplication of the AV data is prohibited and does not copy the AV data. It is software that can be copied only once. However, in the case of license C, the contents of the copyright of the claimed AV data
The application software needs to be notified along with the data, which can be
What is necessary is just to incorporate in V data.

It is assumed that the license of the currently activated application software is B. The EMI of the license information of the AV data sent from the STB is assumed to be 11. That is, it is assumed that duplication of AV data is prohibited. In this case, authentication is performed between the application authentication means 8 and the application authentication function 3, but the authentication does not succeed. It is also assumed that the license of the currently activated application software is A. In this case, since the application software is software that performs only display, the authentication between the application authentication unit 8 and the application authentication function 3 succeeds. If the AV data is copy-protected or the application software is licensed C, the authentication is successful. FIG. 7 shows a list of types of AV data licenses, types of application software licenses, and whether authentication succeeds or fails.

If the authentication between the application software unit 13 and the system unit 12 is successful, the transmission decryption unit 6
Receives the decryption key from the transmission authentication means 2,
The AV data transmitted via the 1394D-IF1 is decoded. Next, the AV data is encrypted again by the encryption means for PC 7. In the PC 24, the copyrighted AV data is distributed as encrypted until immediately before it is used for application software. further,
The decryption means 11 constituting the data use (decode display) means 10 receives the decryption key from the application authentication means 8 and decrypts the AV data. The decrypted AV data is passed from the data use (decode display) means 10 to the currently activated application software and processed.

The application software unit 13
If the authentication between the communication unit and the system unit 12 fails, the transmission decryption unit 6 decrypts the AV data, encrypts the AV data again by the PC internal encryption unit 7, and sends it to the data use (decode display) unit 10. Since the authentication has failed, the application authentication unit 8 cannot receive the key for decryption from the application authentication function 3, and therefore cannot pass the key for decryption to the decryption unit 11, so that the decryption unit 11 AV data cannot be decoded. In the case of application software having an inappropriate license, authentication fails, so that AV data cannot be decrypted and processed.

As described above, inside the PC 24, the AV data for which the copyright is claimed is encrypted, the authentication is performed between the system unit 12 and the application software unit 13, and the licensed application software is selected. By doing so, even if unlicensed application software receives AV data, the AV data cannot be used as meaningful because the data is encrypted,
The copyrighted AV data can be protected.

In the re-encryption of the present invention, the encryption may be performed using the same key as the encryption during transmission, or the encryption may be performed using a key different from the encryption during transmission. . Furthermore, the AV data encrypted during transmission may be distributed inside the PC without decryption. In addition, a unique method other than the above method may be used for the re-encryption method.

Further, when the authentication between the system unit and the application software unit fails as in the above-described embodiment, the encryption unit for the PC in this embodiment uses the encrypted data for data use (decode display). Not only data sent to the means but also data that sends invalid data such as a blue screen to the data use (decode display) means may be used. By doing so, the copyright of the AV data can be protected more safely.

Further, the system unit of the present invention includes a 1394D
-It can be realized by hardware constituting the IF or system software such as a driver or an OS. In short, it may be realized by hardware in the PC or by system software.

Further, the license of the present embodiment is not limited to the three types of A, B and C as described above.
In short, it is only necessary to use a method corresponding to the type of copyright information of AV data, such as four types or two types.

Further, in this embodiment, S is used as an external device.
It has been described that the PC receives the AV data for which the copyright is claimed from the STB by taking the TB as an example. However, the present invention is not limited to this, and DVC, DVHS, HDD, DVD
In short, any device that can transmit the copyrighted AV data, such as a RAM and a broadcast receiver, may be used.

Further, in the present embodiment, IEEE 139 is used.
4 is described as an example, but the present invention is not limited to this, and any network may be used as long as it has a mechanism for transmitting copyrighted AV data together with its copyright information.

Further, the AV data of the present embodiment is not limited to the video and audio data as described above, but may be any data in which copyright is insisted, such as a program or a document in which copyright is claimed.

Further, the PC of the present embodiment is an example of the computer of the present invention.

(Embodiment 2) Next, a second embodiment will be described with reference to FIG.

In the present embodiment, a case is described in which application software is determined based on a management standard (hereinafter referred to as CRL) indicating unauthorized or valid application software before authentication is performed between the system unit and the application software unit. I do.

The difference from the first embodiment is that the system unit 12 includes the CRL memory 14 and the application CRL memory 1.
5. It has a CRL comparing means 16. The following description focuses on the differences from the first embodiment.

The CRL memory 14 is a memory for storing a management standard indicating an unauthorized or legitimate device. The application CRL memory 15 is a means for storing a management standard indicating unauthorized or legitimate application software. The CRL comparing means 16 is means for judging whether the application software is illegal or valid based on the CRL.

Next, the operation of this embodiment will be described.

Also in this embodiment, it is assumed that AV data is sent from the STB, and that the AV data is claimed to be copyrighted. First, before performing authentication between the transmission decryption means 6 and the STB, it is determined whether the PC 24 is a legitimate device or an unauthorized device using the CRL stored in the CRL memory of the STB. If it is determined that the device is valid, the transmission authentication unit 2 performs authentication with the STB. If it is determined that the device is an unauthorized device, the STB does not perform authentication, and does not pass the key for decrypting the encrypted AV data to the PC 24.

Now, it is assumed that the PC 24 is determined as a valid device by the STB. Then, the transmission authentication means 2 becomes 13
Authentication is performed with the STB via the 94D-IF1. If the authentication is successful, the STB passes the key for decrypting the AV data to the transmission authentication means 2 via the 1394D-IF1.

Next, the signature generation means 9 generates a digital signature of the currently activated application software, and stores the digital signature in the signature memory 4. The CRL comparing means 16 determines the contents of the digital signature stored in the signature memory 4 and
The contents of the application CRL memory 15 are compared, and it is determined whether the currently activated application software is unauthorized software or legitimate software. If the software is unauthorized, the authentication between the application software unit 13 and the system unit 12 is not performed. If the software is legitimate, authentication is performed between the application software unit 13 and the system unit 12 next. However, it is assumed that a license similar to that of the first embodiment is provided to the application software.

Here, the application CRL memory 15 stores P
A memory such as an OS or a driver in the C24 may be stored in advance, and may be stored in advance in a CRL.
The CRL sent from E1394 may be diverted.
This CRL is not generally fixed and can be updated according to the situation. For example, when a device or an application is modified and distributed so as to infringe a copyright, it is possible to update the CRL so as to identify the device or application and cause the authentication to fail.

If the authentication between the application software unit 13 and the system unit 12 is successful, the transmission decryption unit 6
Receives the decryption key from the transmission authentication means 2,
The AV data transmitted via the 1394D-IF is decoded. Next, the AV data is encrypted again by the encryption means for PC 7. In the PC 24, the copyrighted AV data is distributed as encrypted until immediately before it is used for application software. Further, the decryption means 11 constituting the data use (decode display) means 10 receives the decryption key from the application authentication means 8 and decrypts the AV data. The decrypted AV data is passed from the data use (decode display) means 10 to the currently activated application software and processed.

The application software unit 13
If the authentication between the communication unit and the system unit 12 fails, the transmission decryption unit 6 decrypts the AV data, encrypts the AV data again by the PC internal encryption unit 7, and sends it to the data use (decode display) unit 10. Since the authentication has failed, the application authentication unit 8 cannot pass the decryption key to the decryption unit 11, and therefore, the decryption unit 11 cannot decrypt the AV data. Therefore, if the license is improper application software, the authentication fails and the AV data cannot be processed.

Alternatively, the version information of the tamper resistance system which has been broken and invalidated is obtained from the application CRL memory 15, and if the application has only the invalidated version, the AV data is transmitted to the application authentication function 3. Without giving the key for decryption, system unit 1
2 and the application software unit 13 are not authenticated.

As described above, by using the CRL to determine whether the currently running application software is illegal or legitimate before the authentication by the application software unit and the system unit, the AV data for which copyright is claimed can be obtained. Application software that performs an illegal operation can be excluded in advance.

The re-encryption of the present invention may be performed by using the same key as that used for transmission, or may be performed using a key different from that used for transmission. . Furthermore, the AV data encrypted during transmission may be distributed inside the PC without decryption. In addition, a unique method other than the above method may be used for the re-encryption method.

Further, when the authentication between the system section and the application software section fails as in the above-described embodiment, the encryption means for the PC in this embodiment uses the encrypted data for data use (decode display). Not only data sent to the means but also data that sends invalid data such as a blue screen to the data use (decode display) means may be used. By doing so, the copyright of the AV data can be protected more safely.

Further, the system section of the present invention comprises a 1394D
-It can be realized by hardware constituting the IF or system software such as a driver or an OS. In short, it may be realized by hardware in the PC or by system software.

Further, in the present embodiment, S is used as an external device.
It has been described that the PC receives the AV data for which the copyright is claimed from the STB by taking the TB as an example. However, the present invention is not limited to this, and DVC, DVHS, HDD, DVD
In short, any device that can transmit the copyrighted AV data, such as a RAM and a broadcast receiver, may be used.

Further, in the present embodiment, IEEE 139
4 is described as an example, but the present invention is not limited to this, and any network may be used as long as it has a mechanism for transmitting copyrighted AV data together with its copyright information.

Further, the AV data according to the present embodiment is not limited to the video and audio data as described above, but may be any data for which copyright is insisted, such as a program or a document for which copyright is claimed.

Further, the PC of the present embodiment is an example of the computer of the present invention.

(Embodiment 3) Next, a third embodiment will be described with reference to FIG.

In the present embodiment, a case will be described in which it is determined whether or not the application software has been tampered with by using a tamper authentication function.

The difference from the first embodiment is that the system unit 12 has a tamper authentication function 17 and the application software unit 13 has a soft check unit 18.

The tamper authentication function 17 is means for verifying a tamper code generated from application software and confirming whether the application software has been tampered with. The soft check means 18
This is a means for checking the currently running application and generating a tamper code.

Next, the operation of the present embodiment will be described.

As described above, the tamper-resistant software that generates a tamper code is software that has resistance to internal analysis and modification. In other words, this software is capable of protecting even an attack by a malicious user who tries to use the copyrighted AV data illegally. Tamper resistant software generates codes called tamper codes. The software check means 18 examines the program to verify whether there is tampering, and further examines the execution environment to verify whether there is interception on the data path, the existence of a third party who monitors the execution of the program, and the like. The tamper code is data representing the result of this verification or an intermediate result. By verifying this code, it is possible to confirm whether the tamper resistant software has been tampered with. That is, in this embodiment, it is assumed that the application software implements the tamper-resistant method.

It is assumed that the authentication is performed between the STB and the transmission authentication means 2 as in the first embodiment, and the authentication is successful. Then, the software check unit 18 checks the currently activated application software and generates a tamper code. The generated tamper code is passed to the application authentication unit, and is written into a digital signature by the signature generation unit 9, and the digital signature is stored in the signature memory 4. The tamper authentication function 17 refers to the digital signature stored in the signature memory 4 to extract and verify the tamper code of the currently activated application software. As a result, the application authentication function 3 is notified of a result of determination as to whether the currently running application has been tampered with illegally, whether data has been intercepted, and whether execution of the program has been monitored. Hereinafter, for the sake of simplicity, a description will be given assuming that determination as to whether data interception or monitoring of program execution is not performed is also included in determination as to whether an application has been tampered with illegally. When the application software has been tampered with, the application authentication function 3
Without passing the key for decrypting V data, system unit 1
2 and the application software unit 13 are not authenticated. If the information has not been tampered with, the application authentication function 3 and the application authentication means 8 perform authentication based on the digital signature recorded in the signature memory 4. However, a license is provided to the application software as in the first embodiment. Upon successful authentication,
The application authentication function 3 passes a key for decrypting the AV data to the application authentication means 8.

If the authentication between the application software unit 13 and the system unit 12 is successful, the transmission decryption unit 6
Receives the decryption key from the transmission authentication means 2,
The AV data transmitted via the 1394D-IF1 is decoded. Next, the AV data is encrypted again by the encryption means for PC 7. In the PC 24, the copyrighted AV data is distributed as encrypted until immediately before it is used for application software. further,
The decryption means 11 constituting the data use (decode display) means 10 receives the decryption key from the application authentication means 8 and decrypts the AV data. The decrypted AV data is passed from the data use (decode display) means 10 to the currently activated application software and processed.

The application software unit 13
If the authentication between the communication unit and the system unit 12 fails, the transmission decryption unit 6 decrypts the AV data, encrypts the AV data again by the PC internal encryption unit 7, and sends it to the data use (decode display) unit 10. Since the authentication has failed, the application authentication unit 8 cannot pass the key for decryption to the decryption unit 11, so the decryption unit 11 cannot decrypt the AV data. Therefore, if the license is improper application software, the authentication fails and the AV data cannot be processed.

As described above, by implementing the tamper-resistant method in the application software and further adding the function of confirming whether the application software has been tampered with illegally, A
The copyright of V data can be protected.

The re-encryption of the present invention may be performed by using the same key as that used for transmission, or may be performed using a key different from that used for transmission. . Furthermore, the AV data encrypted during transmission may be distributed inside the PC without decryption. In addition, a unique method other than the above method may be used for the re-encryption method.

Further, when the authentication between the system unit and the application software unit fails as in the above-described embodiment, the encryption unit for the PC in this embodiment uses the encrypted data for data use (decode display). Not only data sent to the means but also data that sends invalid data such as a blue screen to the data use (decode display) means may be used. By doing so, the copyright of the AV data can be protected more safely.

Further, the system section of the present invention includes a 1394D
-It can be realized by hardware constituting the IF or system software such as a driver or an OS. In short, it may be realized by hardware in the PC or by system software.

Further, in this embodiment, S is used as an external device.
It has been described that the PC receives the AV data for which the copyright is claimed from the STB by taking the TB as an example. However, the present invention is not limited to this, and DVC, DVHS, HDD, DVD
In short, any device that can transmit the copyrighted AV data, such as a RAM and a broadcast receiver, may be used.

Further, in the present embodiment, IEEE 139
4 is described as an example, but the present invention is not limited to this, and any network may be used as long as it has a mechanism for transmitting copyrighted AV data together with its copyright information.

Further, the AV data of the present embodiment is not limited to the video and audio data as described above, but may be any data in which copyright is insisted, such as a program or a document in which copyright is claimed.

Further, the tamper code and the tamper resistance confirmation function of the present invention can use any tamper resistant method, not depending on the tamper resistant method.

Further, the PC of the present embodiment is an example of the computer of the present invention, and the tamper authentication function of the present embodiment is an example of the tamper resistance confirmation function of the present invention.

(Embodiment 4) Next, a fourth embodiment will be described with reference to FIG.

In the present embodiment, a case will be described in which it is determined whether or not the application software has been tampered with using a tamper authentication function.

The difference from the third embodiment is that the system unit 12 has a plurality of types of tamper authentication functions 21, has version selection means 20, and the software check means 19 of the application software unit 13 has The point is that in addition to the tamper code, the type information of the tamper resistant system implemented in the application software is generated.

The version selecting means 20 outputs the signature memory 4
Means for selecting a tamper authentication function corresponding to the type of tamper resistant system based on the digital signature recorded in the tamper resistant function.

Next, the operation of this embodiment will be described.

As in the case of the third embodiment, it is assumed that the application software implements the tamper-resistant method. It is assumed that the authentication is performed by the STB and the transmission authentication unit 2 as in the third embodiment, and the authentication is successful. Then, the software check unit 19 checks the currently activated application software and generates tamper code and type information of the implemented tamper resistant system. The generated tamper code and type information are passed to the application authentication unit 8, and the signature generation unit 9
The digital signature is stored in the signature memory 4. Version selection means 20
Refers to the tamper resistant type information stored in the signature memory 4 and selects the tamper authentication function to be used. At this time, the version selection means 20 is provided with a unique CRL memory relating to the tamper version, although not shown in the figure, and by using this CRL memory, the tamper resistance checking means 19 which has already been known to be broken. Is not selected. The selected tamper authentication function 21 refers to the digital signature stored in the signature memory 4 and extracts the tamper code of the currently activated application software.
Verify. As a result, the application authentication function 3 is notified of the determination result as to whether or not the currently running application software has been tampered with. Application authentication function 3
Does not pass the key for decrypting the AV data to the application authentication means 8 and does not authenticate the system unit 12 and the application software unit 13 when the application software is tampered with. If the information has not been tampered with, the application authentication function 3 and the application authentication means 8 perform authentication based on the digital signature recorded in the signature memory 4. However, a license is provided to the application software as in the first embodiment. If the authentication is successful, the application authentication function 3
The key for decrypting the data is passed to the application authentication means 8.

If the authentication between the application software unit 13 and the system unit 12 succeeds, the transmission decryption unit 6
Receives the decryption key from the transmission authentication means 2,
The AV data transmitted via the 1394D-IF1 is decoded. Next, the AV data is encrypted again by the encryption means for PC 7. In the PC 24, the copyrighted AV data is distributed as encrypted until immediately before it is used for application software. further,
The decryption means 11 constituting the data use (decode display) means 10 receives the decryption key from the application authentication means 8 and decrypts the AV data. The decrypted AV data is passed from the data use (decode display) means 10 to the currently activated application software and processed.

The application software section 13
If the authentication between the communication unit and the system unit 12 fails, the transmission decryption unit 6 decrypts the AV data, encrypts the AV data again by the PC internal encryption unit 7, and sends it to the data use (decode display) unit 10. Since the authentication has failed, the application authentication unit 8 cannot pass the decryption key to the decryption unit 11, and the decryption unit 11 cannot decrypt the AV data.
Therefore, if the license is improper application software, the authentication fails and the AV data cannot be processed.

As described above, not only by implementing the tamper-resistant method in the application software, but also by implementing a plurality of tamper-resistant authentication functions in the system unit, the tamper-resistant method of the application software can be broken. Even if the system part only needs to switch the tamper resistant authentication function to another type, there is no need to upgrade the OS, so the damage caused by the tamper resistant method being broken is minimized. Can be suppressed.

The re-encryption of the present invention may be performed using the same key as that used for transmission, or may be used using a key different from that used for transmission. . Furthermore, the AV data encrypted during transmission may be distributed inside the PC without decryption. In addition, a unique method other than the above method may be used for the re-encryption method.

Further, when the authentication between the system unit and the application software unit fails as in the above-described embodiment, the encryption unit for the PC of this embodiment uses the encrypted data for data use (decode display). Not only data sent to the means but also data that sends invalid data such as a blue screen to the data use (decode display) means may be used. By doing so, the copyright of the AV data can be protected more safely.

Further, the system unit of the present invention includes a 1394D
-It can be realized by hardware constituting the IF or system software such as a driver or an OS. In short, it may be realized by hardware in the PC or by system software.

Further, in the present embodiment, S is used as an external device.
It has been described that the PC receives the AV data for which the copyright is claimed from the STB by taking the TB as an example. However, the present invention is not limited to this, and DVC, DVHS, HDD, DVD
In short, any device that can transmit the copyrighted AV data, such as a RAM and a broadcast receiver, may be used.

Further, in the present embodiment, IEEE 139
4 is described as an example, but the present invention is not limited to this, and any network may be used as long as it has a mechanism for transmitting copyrighted AV data together with its copyright information.

Further, the AV data of the present embodiment is not limited to the video and audio data as described above, but may be any data in which copyright is insisted, such as a program or a document in which copyright is claimed.

Further, the tamper code and the tamper resistance confirmation function of the present invention can use any tamper resistant method, not depending on the tamper resistant method.

Further, the PC of the present embodiment is an example of the computer of the present invention, and the tamper authentication function of the present embodiment is an example of the tamper resistance confirmation function of the present invention.

(Embodiment 5) Next, a fifth embodiment will be described with reference to FIG.

In this embodiment, a case will be described in which information relating to application software for processing AV data is embedded in the AV data by a digital watermark.

The digital watermark here refers to a technology for weaving data such as a signature into AV data so that it is difficult to modify the data, and is based on analog data superposition or digitally based on encryption technology. They do not matter.

The difference from the first and second embodiments is that the system section has a signature embedding means 22 and a digital watermark embedding means 23.

The signature embedding means 22 refers to the contents of the digital signature recorded in the signature memory 4, selects necessary information by the digital watermark embedding means 23, and adjusts the format. This is a means for performing preprocessing. The digital watermark embedding unit 23 is a unit that embeds data by a digital watermark in the AV data in a format prepared by the signature embedding unit 22.

In the present embodiment, the transmission authentication means 2, the application authentication function 3, the signature memory 4, the application authentication means 8, the signature generation means 9, the transmission decryption means 6, the PC internal encryption means 7,
Data use (decoding display) means 10, decoding means 11
Is the same as in the first embodiment. Also, a CRL memory 14, an application CRL memory 15, a CRL comparing means 16
Is the same as in the second embodiment.

Next, the operation of the present embodiment will be described.

It is assumed that authentication has been successfully performed with an external device, for example, the STB and the transmission authentication means 2. Further, it is assumed that the authentication between the application authentication means 8 and the application authentication function 3 is also successful.
Then, the encrypted AV data input from the 1394D-IF 1 is decrypted by the transmission decryption means 6.
The signature embedding means 22 extracts the digital signature including the information of the application software from the signature memory 4 and selects the content. The contents to be selected include the software name of the application software, the version number of the application software, information on the user, A
It is information of V data itself. The signature embedding means 22
The information is subjected to preprocessing such as formatting, and is sent to the digital watermark embedding means 23. The digital watermark embedding means 23 creates a digital watermark of such information in the decrypted AV data itself. The AV data on which the digital watermark has been created is re-encrypted by the PC encryption means 7 and passed to the data use (decode display) means 10. Decryption means 1
1 decodes the AV data, and the data use (decode display means) 10 passes the AV data to the currently activated application software. The application software that has received the AV data performs processing such as display, recording, and reproduction.

Here, the application software illegally records the digitally watermarked AV data.
Suppose that it was distributed outside of 24. This illegally distributed A
It is assumed that the CGMS or EMI of the AV data has been rewritten by an unauthorized application in the V data. Then, it becomes possible to record even with a valid device, and this AV data flows out to various devices. If the management organization that checks the AV data that has leaked out in this way obtains this AV data, the following can be understood by referring to the electronic watermark embedded in the AV data. That is, from the information of the AV data,
It turns out that the data is write-protected, etc.
Information on application software that has illegally copied and distributed data can be known, and the source application software can be identified.

As described above, according to the present invention, it is possible to specify information on the source of illegal distribution. However, since the computer of the present invention includes means for updating the CRL, the computer updates the CRL based on the information on the source. Thus, the application that has been illegally distributed is excluded from the use of the AV data thereafter, thereby providing specific means for preventing the unauthorized use thereafter. As described above, the use of the electronic watermark makes it possible to specify the source of the unauthorized copy and easily identify the unauthorized application software.

Note that the digital watermarking method is not limited to the method used in the present embodiment, and the above-described information can be correctly embedded in the AV data. Any method may be used as long as information can be correctly extracted.

As described above, by embedding a digital watermark in AV data, unauthorized application software can be easily specified and rejected.

(Embodiment 6) Next, a sixth embodiment will be described with reference to FIG.

The PC of this embodiment has all the functions of the PC described in the first to fifth embodiments.

The transmission authentication means 2, the application authentication function 3, the signature memory 4, the application authentication means 8, the signature generation means 9, the transmission decryption means 6, the in-PC encryption means 7, the data use (decode display) means 10, The decoding means 11 is the same as that described in the first embodiment. Also, the CRL memory 14,
The application CRL memory 15 and the CRL comparison means 16
This is the same as described in the embodiment. The version selection means 20 and the tamper authentication function 21 are the same as those described in the fourth embodiment. The signature embedding unit 22 and the digital watermark embedding unit 23 are the same as those described in the fifth embodiment.

With this configuration, since all the functions described in the first to fifth embodiments are included, the reliability of the software is checked by using tamper resistant, and the digital watermark is used. By providing a reliable fraud detection method and means to prevent recurrence when fraud is detected,
The illegal use of the copyrighted AV data can be reliably prevented, and the use of the tamper-resistant version can minimize secondary damage in the event of unauthorized use.

A program recording medium characterized by recording a program for causing a computer to execute part or all of the functions of each component of the computer of the present invention also belongs to the present invention.

[0125]

As is apparent from the above description, according to the present invention, the application software can protect the copyright of the data for which copyright has been claimed, and can counter the unauthorized tampering of the application software. It is possible to provide a computer and a program recording medium capable of checking and excluding the application software from unauthorized application software and eliminating illegal outflow without increasing the cost.

[Brief description of the drawings]

FIG. 1 shows a system unit and an application software unit in a first embodiment of the present invention performing authentication, and
FIG. 3 is a block diagram when data is encrypted in a PC.

FIG. 2 is a block diagram in a case where unauthorized application software is detected using a CRL according to the second embodiment of the present invention.

FIG. 3 is a block diagram in a case where a tamper-resistant method according to a third embodiment of the present invention is implemented.

FIG. 4 is a block diagram showing a case where a plurality of types of tamper authentication functions according to a fourth embodiment of the present invention are implemented.

FIG. 5 is a block diagram of a fifth embodiment of the present invention in which a digital watermark is embedded in copyrighted AV data.

FIG. 6 is a block diagram showing a case in which the copyright of AV data for which copyright is claimed can be more reliably protected in the sixth embodiment of the present invention.

FIG. 7 is a list showing whether authentication succeeds or fails depending on the type of application software license according to the first embodiment of the present invention.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 1394D-IF 2 Transmission authentication means 3 Application authentication function 4 Signature memory 5 Data path 6 Transmission decoding means 7 PC encryption means 8 Application authentication means 9 Signature generation means 10 Data use (decode display) means 11 Decoding means 12 System unit 13 Application software unit 14 CRL memory 15 CRL memory for application 16 CRL comparison unit 17 Tamper authentication function 18 Soft check unit 19 Soft check unit 20 Version selection unit 21 Tamper authentication function 22 Signature embedding unit 23 Digital watermark embedding unit

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Hiroyuki Iizuka 1006 Kadoma Kadoma, Osaka Prefecture Matsushita Electric Industrial Co., Ltd. 72) Inventor Yoshiki Kuno 1006 Kadoma, Kazuma, Osaka Prefecture Matsushita Electric Industrial Co., Ltd. (72) Inventor Shoichi Goto 1006 Odaka, Kazuma Kadoma, Osaka Pref. 5B076 FA14 FB02 FD00

Claims (9)

[Claims] 1. A computer that includes a system unit and an application software unit, and takes in and processes copyrighted data from a digital interface and processes the encrypted data. A computer characterized in that it is determined that the application software is legitimate, and if it is legitimate, the key of the encrypted data is passed to the application software unit. 2. The computer according to claim 1, wherein the determination in the system unit is performed by authentication between the system unit and the application software unit. 3. The determination in the system unit is performed by a CRL (Certification Revoca) on which unauthorized or legitimate application software is loaded.
2. The method according to claim 1, wherein the processing is performed in a tune list.
Computer as described. 4. The system unit obtains the encrypted key based on an authentication result with the outside, decrypts the encrypted data, and re-decrypts the data decrypted with the key or another key. The computer according to claim 1, wherein the computer is encrypted. 5. The system unit has a tamper confirmation function, a tamper code is embedded in application software of the application software unit, and the system unit reads the tamper code from the application software unit and performs tamper confirmation. 5. The method according to claim 1, wherein the presence or absence of falsification of the application software is determined using a function, and when it is determined that the application software has been falsified, the result is notified. Computer as described. 6. A computer comprising a system section and an application software section, for taking in and processing copyrighted encrypted data from a digital interface, wherein the system section has a plurality of types of tamper confirmation functions, A tamper code corresponding to a predetermined type of tamper confirmation function and its type information are embedded in the application software of the application software unit, and the system unit reads the tamper code and its type information from the application software unit, A computer characterized in that the presence or absence of falsification of application software is determined using a tamper confirmation function corresponding to a type, and when it is determined that the application software has been falsified, the result is notified. 7. A computer comprising a system section and an application software section, for taking in and processing copyrighted encrypted data from a digital interface, wherein the system section stores information on application software of the application software section. A computer embedded in data and sending the data to an application unit. 8. The information on the application software is a name of the application software, a version number of the application software, a tamper code, or type information of a tamper resistance confirmation function, or information on a user. The computer according to claim 7, wherein 9. A program recording medium storing a program for causing a computer to execute all or a part of the functions of each component of the computer according to claim 1. Description: